IoT, or Internet of Things devices are network-connected, and generally internet-connected smart devices. They can have a broad range of purposes, such as allowing you to turn your lights on and off from your phone, checking what food is in your fridge while shopping, enabling a smart speaker, and more. The problem is that these internet-connected devices have a history of having security issues that allow hackers to co-opt them as part of a botnet to mine Bitcoin or to perform DDOS attacks. In the worst-case scenarios, it can even be possible for a targeted attacker to learn your movement habits and use your location data to identify when you won’t be home so they can break-in with minimal risk of being caught.
To help you protect your devices and yourself we’ve collected a list of tips to help secure your IoT devices.
Change default usernames and passwords
All IoT products come with some form of default credentials, even if these are literally blank. Unfortunately, these default credentials are typically well known or easily accessible. To prevent other people from being able to access your devices, ensure that you change the default credentials.
As part of setting a new password, ensure you create a strong and unique password. It’s recommended that you use a password manager as this helps you create and remember, long, complex, random, and unique passwords for each device and account.
Disable features you may not need
IoT devices come with a lot of features but you may not necessarily need or want to use all of them. By reviewing the available features and disabling those that you don’t want to use you can reduce the attack surface of your devices. For example, while you may want to control your smart lights with your phone, you probably don’t need to do so when you’re not home. In this scenario, you can disable internet access for the devices and control directly over your Wi-Fi network instead.
Similarly, you should review the data privacy settings for any of your internet-connected devices. You may find that your data is being actively tracked and used for purposes with which you may not be comfortable. For example, your voice data may be stored by a smart speaker manufacturer.
Keep your software up to date
It’s easy to configure your IoT devices the first time you set them up and to then forget about them and never check the settings again. It’s really important to ensure that all IoT devices are regularly updated. Ideally, you should enable automatic updates, so you don’t have to remember to update all of your devices manually. Updates are especially important for devices that can be accessed over the internet as these are significantly easier for hackers to target as part of an attack.
If your IoT devices, especially those connected to the internet, support 2FA, aka Two Factor Authentication, then you should enable it. 2FA locks down access to your device so you need the username and password as normal and then you need to approve the sign-in via your phone. 2FA is an incredibly effective tool to deny hackers access and is generally easy to set up.
Most home routers support the creation of two or more home wireless networks. By creating a separate network for your IoT devices you create a gap between your personal computers and your IoT devices. This separation makes it harder for malware to spread from your personal devices to your IoT hardware or vice-versa.
Tip: Many home routers only support two networks. If this is the case, you have to choose between creating a guest or an IoT network. While having a guest network can help protect the rest of your devices from untrusted guest hardware, you really don’t want that untrusted hardware to have access to your IoT gear.